Embattled by hactivists, cybercriminals and foreign rivals seeking to steal proprietary information, U.S. corporations are ramping up their hiring of cybersecurity experts, with open jobs reaching an all-time high in April.
The need for cybersecurity experts spans all industries, from financial services, manufacturing and utilities to healthcare and retail. Among the major U.S. companies trying to fill cybersecurity-related positions are Boeing, Baylor Health Care System, Verisign and Office Depot.
Cybersecurity jobs also are plentiful in the U.S. federal government market. For example, the Energy Department's Idaho National Lab is seeking a senior cybersecurity researcher to support its lead nuclear research and development facility.
The number of cybersecurity-related job openings listed on the Dice.com Web site for IT professionals rose significantly in April 2012 compared to a year ago. The biggest increase was for cybersecurity specialists, which rose 74% with 920 open job listings. U.S. companies also are hiring thousands of network security, information security and application security experts.
"Every year, threats go up, so every year companies increase investment in security,'' says Tom Silver, senior vice president of North America for Dice. "On Dice, information security jobs reached an all-time high last month ... Companies want security professionals to counter breaches and also anticipate gaps, suggesting measures to fill them. Protection is key.''
Several trends are driving the demand for cybersecurity experts. Companies have increasingly complex networks, more transactions to process, and more data than ever. They're using cloud applications such as Salesforce and Taleo, which extends their need for information security outside the perimeter of their networks. Additionally, they're dealing with a flood of user-owned mobile devices such as smartphones and tablets.
The cybersecurity skills needed three years ago compared to now "is a whole different ballgame," says Sudhir Verma, vice president of consulting services and project management at Force 3, a Crofton, Md., government contractor that is hiring several senior engineers, solutions architects and analysts for its security team.
"Three years ago, the iPad was not in play. Now we're hiring experts in our practice who understand the bring-your-own-device and consumerization trends,'' Verma says. ``Everything is in flux with the move to the cloud and mobile devices. It's no longer about managing firewalls for IT security. It's beyond that. It's about how to protect information in the enterprise in an environment that includes cloud applications and tablets.''
All of these trends are prompting CIOs and CISOs to hire experienced security professionals to safeguard their sensitive information. They are particularly concerned about protecting intellectual property from theft by government-sponsored hackers from countries such as China.
"There's certainly a great need in the market, with cybersecurity breaches costing U.S. companies upwards of $400 billion annually in intellectual property theft alone," says Don Hanson, senior vice president with Yoh, an IT staffing agency.
Hanson sees demand for developers who can build secure applications, network engineers with security certifications, and architects who understand how to secure systems and processes. He says there is also a need for IT professionals to be involved with security monitoring, information assurance and regulatory compliance.
"The biggest need is for folks that are working in security with cutting-edge technologies,'' Hanson says. "There are so many mobile devices out there, it's important to add the layer of mobile device management and to understand how that additional layer works."
Hanson says companies are looking to hire IT professionals with experience in security information event management, intrusion detection, data loss prevention and logging systems, as well as those with certifications related to ethical hacking and digital forensics. However, they prefer to hire IT professionals with a big-picture perspective on security issues rather than expertise in only one type of security device.
"It's not so much about any one technology or any one point product," Hanson says. "It's more about a holistic approach to security that companies are taking that includes their policies and assets across their entire information architecture."
The titles for open cybersecurity jobs vary, with the most popular being security engineers, security analysts and security architects. Other organizations favor the terms cybersecurity analysts and information assurance analyst.
"We're looking now for cybersecurity intelligence analysts and information assurance analysts who understand how to look at information not only from a technical and logical security standpoint, but who can relate that back to risk management and business process risk," says Jacob Braun, president and COO of Waka Digital Media Corp., a Boston-based IT security consulting firm. "We're looking for people who can look at attacks in progress and can find occurrences that are symptomatic of attacks and...can help mitigate potential for future attacks."
Most of these high-paying cybersecurity jobs are not for recent computer science graduates; instead companies are looking to hire IT professionals with five to 15 years of experience with security systems and processes as well as related certifications. [See sidebar with tips for landing a cybersecurity job.]
Next page: Salary expectations and more